Supabase•3y ago•
3 replies
dannyh

Supabase best practices for sanitizing user-generated HTML in database?

I'm creating a site where the user uses a rich text editor that outputs HTML. The user then puts that in a database field every time they save it. I know I could sanitize it on the frontend, but that doesn't work if I want SEO.

Is there a way I could receive the incoming HTML on the client trying to `.insert()` it into the database, get a Supabase function to sanitize the HTML, then have the HTML go into the database? I know I could add another column, something like `is-sanitized`, but that creates some more UX headaches.

Also, I know I can have a webhook, but that doesn't wait for a response (right?). If I go with that route, if there is an error with the webhook the unsanitized HTML would just stay in the database. Ideally it never goes in at all.